Repository: hadoop Updated Branches: refs/heads/branch-2.7 d286673c6 -> 557dfe5c4
HADOOP-11014. Potential resource leak in JavaKeyStoreProvider due to unclosed stream. (ozawa) (cherry picked from commit b351086ff66ca279c0550e078e3a9d110f3f36a5) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/557dfe5c Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/557dfe5c Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/557dfe5c Branch: refs/heads/branch-2.7 Commit: 557dfe5c40b7773f71ecfd9f3ce4c3166c5338cd Parents: d286673 Author: Tsuyoshi Ozawa <oz...@apache.org> Authored: Wed Mar 25 16:59:40 2015 +0900 Committer: Tsuyoshi Ozawa <oz...@apache.org> Committed: Wed Mar 25 17:00:07 2015 +0900 ---------------------------------------------------------------------- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../hadoop/crypto/key/JavaKeyStoreProvider.java | 15 ++++++++------- .../hadoop/security/alias/JavaKeyStoreProvider.java | 15 +++++++-------- 3 files changed, 18 insertions(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/557dfe5c/hadoop-common-project/hadoop-common/CHANGES.txt ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 60af63f..c155aff 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -689,6 +689,9 @@ Release 2.7.0 - UNRELEASED HADOOP-11609. Correct credential commands info in CommandsManual.html#credential. (Varun Saxena via ozawa) + HADOOP-11014. Potential resource leak in JavaKeyStoreProvider due to + unclosed stream. (ozawa) + Release 2.6.1 - UNRELEASED INCOMPATIBLE CHANGES http://git-wip-us.apache.org/repos/asf/hadoop/blob/557dfe5c/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java index c0d510d..05b8b0d 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java @@ -22,6 +22,7 @@ import com.google.common.base.Preconditions; import org.apache.commons.io.IOUtils; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.FSDataInputStream; import org.apache.hadoop.fs.FSDataOutputStream; import org.apache.hadoop.fs.FileStatus; import org.apache.hadoop.fs.FileSystem; @@ -299,9 +300,11 @@ public class JavaKeyStoreProvider extends KeyProvider { private FsPermission loadFromPath(Path p, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException { - FileStatus s = fs.getFileStatus(p); - keyStore.load(fs.open(p), password); - return s.getPermission(); + try (FSDataInputStream in = fs.open(p)) { + FileStatus s = fs.getFileStatus(p); + keyStore.load(in, password); + return s.getPermission(); + } } private Path constructNewPath(Path path) { @@ -595,9 +598,8 @@ public class JavaKeyStoreProvider extends KeyProvider { } protected void writeToNew(Path newPath) throws IOException { - FSDataOutputStream out = - FileSystem.create(fs, newPath, permissions); - try { + try (FSDataOutputStream out = + FileSystem.create(fs, newPath, permissions);) { keyStore.store(out, password); } catch (KeyStoreException e) { throw new IOException("Can't store keystore " + this, e); @@ -608,7 +610,6 @@ public class JavaKeyStoreProvider extends KeyProvider { throw new IOException( "Certificate exception storing keystore " + this, e); } - out.close(); } protected boolean backupToOld(Path oldPath) http://git-wip-us.apache.org/repos/asf/hadoop/blob/557dfe5c/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/JavaKeyStoreProvider.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/JavaKeyStoreProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/JavaKeyStoreProvider.java index 05958a0..5e5cebb 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/JavaKeyStoreProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/JavaKeyStoreProvider.java @@ -22,6 +22,7 @@ import org.apache.commons.io.Charsets; import org.apache.commons.io.IOUtils; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.FSDataInputStream; import org.apache.hadoop.fs.FSDataOutputStream; import org.apache.hadoop.fs.FileStatus; import org.apache.hadoop.fs.FileSystem; @@ -98,11 +99,8 @@ public class JavaKeyStoreProvider extends CredentialProvider { ClassLoader cl = Thread.currentThread().getContextClassLoader(); URL pwdFile = cl.getResource(pwFile); if (pwdFile != null) { - InputStream is = pwdFile.openStream(); - try { + try (InputStream is = pwdFile.openStream()) { password = IOUtils.toString(is).trim().toCharArray(); - } finally { - is.close(); } } } @@ -110,6 +108,7 @@ public class JavaKeyStoreProvider extends CredentialProvider { if (password == null) { password = KEYSTORE_PASSWORD_DEFAULT.toCharArray(); } + try { keyStore = KeyStore.getInstance(SCHEME_NAME); if (fs.exists(path)) { @@ -118,7 +117,9 @@ public class JavaKeyStoreProvider extends CredentialProvider { FileStatus s = fs.getFileStatus(path); permissions = s.getPermission(); - keyStore.load(fs.open(path), password); + try (FSDataInputStream in = fs.open(path)) { + keyStore.load(in, password); + } } else { permissions = new FsPermission("700"); // required to create an empty keystore. *sigh* @@ -257,8 +258,7 @@ public class JavaKeyStoreProvider extends CredentialProvider { return; } // write out the keystore - FSDataOutputStream out = FileSystem.create(fs, path, permissions); - try { + try (FSDataOutputStream out = FileSystem.create(fs, path, permissions)) { keyStore.store(out, password); } catch (KeyStoreException e) { throw new IOException("Can't store keystore " + this, e); @@ -268,7 +268,6 @@ public class JavaKeyStoreProvider extends CredentialProvider { throw new IOException("Certificate exception storing keystore " + this, e); } - out.close(); changed = false; } finally {
